Hi,
Good news about HCD-TNC.
Dr. Andreas Steffen at HSR (in Switzerland) had completed a prototype
implementation, including multiple PA subtypes (i.e., Printer MIB subunits).
All - please take a look at the code and release notes. We'll talk more about
this prototype effort in two weeks at our August PWG F2F.
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
Winter 579 Park Place Saline, MI 48176 734-944-0094
Summer PO Box 221 Grand Marais, MI 49839 906-494-2434
---------- Forwarded message ----------
From: Andreas Steffen <andreas.steffen at hsr.ch>
Date: Sun, Jul 26, 2015 at 7:13 AM
Subject: Re: Query about prototype of IEEE-ISTO PWG Hardcopy Device Health
Assessment TNC Binding
To: Ira McDonald <blueroofmusic at gmail.com>
Hi Ira,
I've just completed a prototype implementing the latest PWG HCD-TNC
spec including support of multiple PA subtypes. You can find the
[partially] commented configuration and log files of the
tnccs-20-hcd-eap example scenario using a HCD IMC/IMV pair under
the link
https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect#Hardcopy-Device-Health-Assessment
If you need a walkthrough through the architecture of the prototype
and/or the test results then we can arrange a telco sometime next
week.
Currently the source code of the prototype is kept in a separate
branch on the strongSwan git server
https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/pwg-hcd-tnc
Best regards
Andreas
On 07/02/2015 05:21 PM, Ira McDonald wrote:
> Hi Dr. Steffen,
>
> Just a reminder that we (PWG) would like to hear back from you when
> you get a chance about a refined cost estimate for a prototype of our
> HCD-TNC spec.
>
> Also, whatever form of RFP (from us) or simply a Proposal (from you).
> The less superfluous paperwork, the better for all of us.
>
> Cheers,
> - Ira (PWG Secretary)
>
> On Mon, Jun 8, 2015 at 7:06 PM, Ira McDonald <blueroofmusic at gmail.com> wrote:
>
> Hello Dr. Steffen,
>
> Here is a link to the HCD TNC draft (with change bars) where I attempted
> to address all of your comments:
>
> http://ftp.pwg.org/pub/pwg/ids/wd/wd-idstnc10-20150530-rev.pdf
>
> That draft was reviewed last Monday by the PWG IDS WG - so I just sent
> another HCD TNC draft (with change bars) where I attempted to address
> all of the IDS WG member comments and discussion:
>
> http://ftp.pwg.org/pub/pwg/ids/wd/wd-idstnc10-20150608-rev.pdf
>
> Note especially that, by IDS WG consensus, I added a series of HCD-specific
> PA subtypes that map one-to-one to all of the components of an HCD defined
> in the abstract model in the PWG Imaging System State and Counter MIB v2:
>
> http://ftp.pwg.org/pub/pwg/candidates/cs-wimscountmib20-20080318-5106.3.pdf
> http://ftp.pwg.org/pub/pwg/candidates/cs-wimscountmib20-20080318-5106.3.mib
>
> IDS WG members strongly feel that firmware for the System (main board),
> Console, Finisher, Interface, Marker, and Scanner components should be
> labeled with the relevant HCD component type (since each of these major
> components typically has a unique boot ROM, a unique OS, and a unique
> firmware image - also each of these major components are typically built
> by different suppliers).
>
> I realize that the TCG face-to-face meeting in Edinburgh will be next week,
> but please take a look at the change logs and redlines in these two versions
> at your convenience.
>
> PWG Steering Committee members are unanimously in favor of proceeding
> with our discussion of a strongSWAN prototype effort and refinement of your
> original cost estimate (we do realize that we just made it a bit more complex,
> although in practice a single HCD IMV should normally be sufficient - an
> exception might be for high-end Finishers built by third parties).
>
> Cheers,
> - Ira (IEEE-ISTO PWG Secretary, HCD TNC Binding editor)
>
> On Mon, May 18, 2015 at 9:22 PM, Ira McDonald <blueroofmusic at gmail.com> wrote:
>
> Hi Andreas,
>
> More background:
>
> There are NO implementations of this HCD TNC Binding in any real printer.
>
> The PWG Process 3.0 requires that, when a working draft has reached the
> "Prototype" draft state, then it MUST be prototyped (at some level) by at
> least one vendor before the document can advance to a "Stable" draft state
> and pass on through WG last call, then PWG last call, and finally PWG formal
> vote for a PWG Candidate Standard (published).
>
> http://ftp.pwg.org/pub/pwg/general/pwg-process-30.pdf
>
> The point of asking for your help for a prototype is to get this document
> moving forward again on the PWG standards process.
>
> You already found several discrepancies (I'll take them to the IDS WG for
> review and updated text). Unfortunately, I can't choose to restructure the
> Firmware/ResidentApplication/UserApplication* tuples into single attributes.
> Note that IETF NEA did not do so for the similar attributes either (our main
> source for structure).
>
> I look forward to your further thoughts and reply.
>
> Cheers,
> - Ira
>
> On Sun, May 17, 2015 at 2:05 PM, Andreas Steffen <andreas.steffen at hsr.ch> wrote:
>
> Hi Ira,
>
> I think 2'000 USD should be sufficient to fund the implementation of
> the PWG HCD PA-TNC attributes and to build a demo HCD IMC/IMV pair
> since the structure of the attributes types is quite simple.
>
> Concerning the PWG HCD Health Assessment TNC Binding draft I have
> the following remarks/questions:
>
> - The attribute type 0x50 (23) of the TimeSource attribute is wrong.
>   0x50 (80) has been assigned to ResidentApplicationName. The correct
>   attribute type of TimeSource probably is 0x32 (50).
>
> <ira> Thanks for catching the TimeSource typo. Actually the decimal value of '23'
> is correct and the hex value of '0x50' is wrong and should be '0x17' per this
> table of assigned values from the Imaging Device Security WG:
>
> http://ftp.pwg.org/pub/pwg/ids/wd/ids-attributes-2012-04-20.txt
>
> - How is the 128 bit binary blob of the *Version attributes to be
>   interpreted? The draft says that it MAY conform to section 4.2.3
>   “Numeric Version” of IETF PA-TNC [RFC5792]:
>
> <ira> The version block is opaque and (per Lexmark and Ricoh input)
> was not standardized (i.e., you can't interpret it, any more than you can
> interpret the equivalent NEA attribute). You just do a binary compare for
> equality. Not my choice, because the PWG model spec (whose link I also
> sent is authoritative but ambiguous).
>
> *                      1                   2                   3
> *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> * |                      Major Version Number                     |
> * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> * |                      Minor Version Number                     |
> * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> * |                          Build Number                         |
> * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> * |      Service Pack Major       |      Service Pack Minor       |
> * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
> If another representation is chosen by a printer vendor then
> interoperability will be very difficult. Shall the demo
> implementation just do a hex dump of the 128 bit blob?
>
> <ira> Yes - pure 128-bit dump.
>
> - Section 5.4 Correlated Attributes (Name, Patches, StringVersion,
>   Version) has a note saying: Each ordered set of Correlated Attributes
>   MUST include an empty string if there is no known value for one of
>   the Correlated Attributes. This cannot be true for the Version
>   attribute because it has a fixed size of 16 bytes. It would make
>   sense to set the 128 bit binary blob to all zeroes.
>
> <ira> Agreed - this is a bug in this binding and the PWG model spec.
> This will take some grief to fix (PWG Process to adopt an errata of
> the model spec). Yes, zero's would be appropriate for the fixed-length
> attributes. I'll raise the issue in the IDS WG.
>
> - Because of the Correlated Attributes requirement it would make much
>   more sense to pack Name, Patches, StringVersion and Version into
>   a single attribute. The reason this isn't done is probably due to
>   the size restrictions of PT-EAP transport. I'd like to mention that
>   all strongSwan IMCs and IMVs support the IF-M Segmentation
>   Specification proposal being drafted by the TNC Endpoint Compliance
>   Subgroup which allows to transfer huge attributes (>100'000 kB) in
>   chunks as small as several hundred bytes over size-restricted PB-TNC
>   batches.
>
> <ira> The PWG model spec was adopted years earlier - we CANNOT
> make any such structural changes at this point to defined attributes
> (because as SEPARATE attributes they're already in the approved
> parallel PWG MS-NAP Binding).
>
> - For the demo it would be helpful to have some real-world examples
>   taken from actual printers for all of the 25 PWG HCD attribute types.
>
> <ira> There are NO real-world examples or implementations. See my
> note above.
>
> Best regards
>
> Andreas
>
> On 05/15/2015 08:50 PM, Ira McDonald wrote:
> > Hi Andreas,
> >
> > We spoke several years ago at a TCG face-to-face meeting about your
> > wonderful open source TNC protocol stack.
> >
> > Two weeks ago, I attended the annual joint meeting of IEEE-ISTO Printer
> > Working Group (I'm the Secretary) and Linux Foundation Open Printing
> > Summit (I'm the Chair), where we reviewed minor editorial changes to a
> > work-in-progress PWG Hardcopy Device Health Assessment TNC Binding spec
> > which has been waiting in Prototype Draft state for awhile.
> >
> > http://ftp.pwg.org/pub/pwg/ids/wd/wd-idstnc10-20150419.pdf
> >
> > http://ftp.pwg.org/pub/pwg/candidates/cs-idsattributes11-20140529-5110.1.pdf
> >
> > Mike Sweet (Apple, PWG Chair) suggested that I ask if you would be
> > interested in PWG funding for a graduate student to use your TNC stack and
> > do a desktop prototype (not hosted in an actual printer) of these 20+ PWG
> > extension health attributes.
> >
> > If you are interested, would you take a quick look at our spec and think
> > about what kind of funding level would be appropriate to build a desktop
> > prototype of a "printer" reporting its own health attributes as a TNC Client.
> >
> > Cheers,
> > - Ira (PWG Secretary, IPP WG Co-Chair, HCD-TNC Editor)
--
======================================================================
Andreas Steffen e-mail: andreas.steffen at hsr.ch
Institute for Internet Technologies and Applications
Hochschule fuer Technik Rapperswil phone: +41 55 222 42 68
CH-8640 Rapperswil (Switzerland) mobile: +41 76 340 25 56
===========================================================[ITA-HSR]==
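
The *Version handling agreed in the thread above (opaque 128-bit blob, hex dump for display, binary compare for equality, all zeroes when no value is known), as an added C example that is not part of the original messages or of the strongSwan prototype. All function and type names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HCD_VERSION_LEN 16 /* fixed 128-bit *Version attribute value */

typedef enum { HCD_VER_MALFORMED, HCD_VER_UNKNOWN,
               HCD_VER_MATCH, HCD_VER_MISMATCH } hcd_ver_result;

/* RFC 5792 section 4.2.3 "Numeric Version" fields (network byte order). */
typedef struct { uint32_t major_num, minor_num, build_num;
                 uint16_t sp_major, sp_minor; } numeric_version;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hex dump of the opaque blob for logs; out must hold 33 bytes. */
void hcd_version_hex(const uint8_t *v, char *out) {
    for (size_t i = 0; i < HCD_VERSION_LEN; i++)
        snprintf(out + 2 * i, 3, "%02x", v[i]);
}

/* Diagnostic decode only: a vendor blob need not follow this layout,
 * so the result must never feed the policy decision. */
numeric_version hcd_version_decode(const uint8_t *v) {
    numeric_version n = { be32(v), be32(v + 4), be32(v + 8),
        (uint16_t)(v[12] << 8 | v[13]), (uint16_t)(v[14] << 8 | v[15]) };
    return n;
}

/* Policy check: reject a wrong length, treat all zeroes as "no known
 * value", otherwise compare byte for byte against the reference. */
hcd_ver_result hcd_version_check(const uint8_t *value, size_t len, const uint8_t *ref) {
    static const uint8_t zero[HCD_VERSION_LEN];
    if (value == NULL || len != HCD_VERSION_LEN) return HCD_VER_MALFORMED;
    if (memcmp(value, zero, HCD_VERSION_LEN) == 0) return HCD_VER_UNKNOWN;
    return memcmp(value, ref, HCD_VERSION_LEN) == 0 ? HCD_VER_MATCH : HCD_VER_MISMATCH;
}

int main(void) {
    /* Constructed sample blob: 2.5, build 1200, service pack 1.0. */
    const uint8_t ref[HCD_VERSION_LEN] = {0,0,0,2, 0,0,0,5, 0,0,0x04,0xb0, 0,1, 0,0};
    char hex[2 * HCD_VERSION_LEN + 1];
    hcd_version_hex(ref, hex);
    printf("%s check=%d\n", hex, (int)hcd_version_check(ref, sizeof ref, ref));
    return 0;
}
```

Keeping the all-zero case separate from a mismatch lets a verifier distinguish "component did not report a version" from "component reports a version other than the reference".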